From: Joseph Reynolds <jrey@linux.ibm.com>
To: openbmc@lists.ozlabs.org
Subject: Re: Security Working Group - Wednesday May 12 - results
Date: Wed, 12 May 2021 13:18:48 -0500 [thread overview]
Message-ID: <8febdc9d-08bb-4094-9cad-7e6035c5bd71@linux.ibm.com> (raw)
In-Reply-To: <35156c27-e195-c238-1bb9-d20a30db3c63@linux.ibm.com>
On 5/11/21 8:59 PM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting
> scheduled for this Wednesday May 12 at 10:00am PDT.
>
> We'll discuss the following items on the agenda
> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
> and anything else that comes up:
>
Three items were discussed. You might want to start with item 3 first
to introduce the first two. Summary:
1. Security impacts of enabling kexec (load and optionally execute new
kernel) in the BMC's production kernel. How does this work and play
with secure boot and with IMA?
2. What are the security impacts of having the proc file system file
/proc/sysrq-triggerwhich can cause kernel panics which can cause the BMC
to terminate processing?
3. In general, how can you (an operator or the BMC's host system)
recover a BMC which has become unresponsive, for example, because its
kernel processing has failed. A design introduces using
/proc/sysrq-triggertogether with a recovery kernel installed by kexec.
Details, including links to the gerrit code reviews, are in the wiki.
- Joseph
>
>
> Access, agenda and notes are in the wiki:
> https://github.com/openbmc/openbmc/wiki/Security-working-group
> <https://github.com/openbmc/openbmc/wiki/Security-working-group>
>
> - Joseph
next prev parent reply other threads:[~2021-05-12 18:19 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-12 1:59 Security Working Group - Wednesday May 12 Joseph Reynolds
2021-05-12 18:18 ` Joseph Reynolds [this message]
2021-05-12 20:40 ` Security Working Group - Wednesday May 12 - results Patrick Williams
2021-05-14 18:26 ` Joseph Reynolds
2021-05-12 21:35 ` Michael Richardson
2021-05-14 18:50 ` Joseph Reynolds
2021-05-13 0:25 ` Andrew Jeffery
2021-05-14 19:02 ` Joseph Reynolds
2021-05-16 23:15 ` Andrew Jeffery
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8febdc9d-08bb-4094-9cad-7e6035c5bd71@linux.ibm.com \
--to=jrey@linux.ibm.com \
--cc=openbmc@lists.ozlabs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.